[Owasp-leaders] Is there a PHP equivalent to Webgoat?

Mike Boberski mike.boberski at cox.net
Sun Sep 6 23:40:12 EDT 2009


Related, if folks are interested in either the status or contributing to the
PHP ESAPI port, please contact me at mike.boberski at owasp.org

Mike

>
> On Sun, Sep 6, 2009 at 11:29 PM, mordecai kraushar <mkraushar at gmail.com>wrote:
>
>>  There is vicnum  - some php, some mysql and mostly perl . It is a a
>> lightweight vulnerable web application based on a game played to kill
>> time.
>>
>>
>> http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project#tab=Project_Identification
>>
>> mordecai kraushar
>>
>>
>>
>>
>>
>> On Sat, Sep 5, 2009 at 5:01 PM, Deoscoidy
>> Sanchez<Deoscoidy.Sanchez at rgonline.com> wrote:
>> > Check the Damn Vulnerable Web App at www.dvwa.co.uk/
>> >
>> > >From their site:
>> > "Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is
>> damn
>> > vulnerable. Its main goals are to be an aid for security professionals
>> to
>> > test their skills and tools in a legal environment, help web developers
>> > better understand the processes of securing web applications and aid
>> > teachers/students to teach/learn web application security in a class
>> room
>> > environment."
>> >
>> > -----Original Message-----
>> > From: owasp-leaders-bounces at lists.owasp.org
>> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Vlatko
>> Kosturjak
>> > Sent: Friday, September 04, 2009 6:44 PM
>> > To: owasp-leaders at lists.owasp.org
>> > Subject: Re: [Owasp-leaders] Is there a PHP equivalent to Webgoat?
>> >
>> > Actually, IronGeek has interesting list of vulnerable web applications
>> (nice
>> > to check);
>> >
>> http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applic
>> > ations-for-learning-web-app-security
>> >
>> > Hope it helps,
>> >
>> > Adrian Crenshaw wrote:
>> >> This may be what you want:
>> >> http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vu
>> >> lnerable-php-owasp-top-10
>> >>
>> >> On Fri, Sep 4, 2009 at 4:30 PM, Michael Menefee <mmenefee at gmail.com
>> >> <mailto:mmenefee at gmail.com>> wrote:
>> >>
>> >> Although not exactly the same, there are many deliberately insecure
>> >> testing sites out there, like the hacme series from Foundstone:
>> >>
>> >> http://www.foundstone.com/us/resources-free-tools.asp
>> >> Andrew Hay wrote:
>> >>> I¹ve had several people ask me if such a beast exists.
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> >
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090906/ec0f925f/attachment.html 


More information about the OWASP-Leaders mailing list